WARNING - Phishing Fraud
September 05, 2023
By: Worcester Credit Union
Your financial success and safety are our #1 Priority here at Worcester Credit Union. As such, I felt it necessary to send this message to help keep you informed and aware of the current trends and risks as a consumer. In the recent past few weeks, we have seen a significant increase in fraudulent activity related to Phishing scams targeted at consumers in the financial services industry. Scammers are very busy these days and adapting their methods to gain access to consumer’s personal financial information and sadly, using the consumer’s themselves to unwittingly assist them! These scammers use a variety of methods - I will be sending a series of these messages with the methods for you to be aware and cautious of.
Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a financial institution you know or do business with, a credit card company, a social networking site, an online payment website or app, or an online store or retail store you know of and frequent.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
Don’t take action via the method sent to you. Contact the ‘sender’ the way you normally would. NOT calling the number they called you from or were given or clicking on a link from a text or email. Initiative the contact with them you would have if you were going to contact them for another reason other than the ‘message’ you are inquiring on. If you would not normally have reason to contact them, contact the company or organization directly, using a phone number or website you know is real. REPEAT! Do not use the contact information sent to you in the questionable email, text, etc.
Four Steps to Protect Yourself From Phishing
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
- Something you have — like a passcode you get via text message or an authentication app.
- Something you are — like a scan of your fingerprint, your retina, or your face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
What to Do If You Suspect a Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If the answer is “No,” it could be a phishing scam. Go back and review the tips in How to recognize phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.
If the answer is “Yes,” contact the company using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.
What to Do If You Responded to a Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.
If you receive a call, call them back at the number they called you from. Beware of fake government agencies promoted by fraudsters. The only official list of all U.S. federal grant-making agencies can be found at www.grants.gov
If you have any questions or concerns, please contact any one of us at Worcester Credit Union at 508-853-9966 for assistance and guidance. We are happy to assist you and help you prevent these scammers from gaining access through your trust.